Git authentication fails after enabling 2FA

I just enabled 2FA (I can't think of any other changes I made) and git asked for my username and password. I provided both, but they were "wrong". I tried many of the solutions here: https://stackoverflow.com/questions/6565357/git-push-requires-username-and-password but that didn't work. In particular, when switching from https to ssh, the ssh key gives

Permission denied (publickey). fatal: Could not read from remote repository.

$ git push
warning: push.default is unset; its implicit value is changing in
Git 2.0 from 'matching' to 'simple'. To squelch this message
and maintain the current behavior after the default changes, use:

  git config --global push.default matching

To squelch this message and adopt the new behavior now, use:

  git config --global push.default simple

See 'git help config' and search for 'push.default' for further information.
(the 'simple' mode was introduced in Git 1.7.11. Use the similar mode
'current' instead of 'simple' if you sometimes use older versions of Git)

Username for 'https://github.com': **********
Password for 'https://[email protected]': 
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/mlbileschi/scala.git/'

Any tips?

You need to generate an access token. You can create one by going to your settings page.

Use this access token as your password in the command line.

An end-to-end solution takes 3 steps.

1. Kudos to Gergo Erdosi. His answer is largely right, it is just that Github changes that setting page. As of late 2016, you need to generate an access token from your Personal access tokens page.

   

   Use this access token as your password in the command line.

2. You can persist your user name by including it into your project remote url. One of the way to do it is to edit your .git/config to modify the url line into the following format:

   url = https://[email protected]/owner/repo.git

3. You can persist your password by run this for one time only:

   $ git config credential.helper store

   and then your future git password(s) will be stored in ~/.git-credentials, in plaintext, using the format https://user:[email protected].

   Storing password(s) in plaintext would normally be considered as a security risk. But in this 2FA case, the credential is NOT your real password, it is a randomly generated string. So it is as secure as using a ssh private key a passphrase-less ssh private key. CAVEAT: keep in mind that, if you happen to also use another git account(s) without 2FA on this machine, those real password(s) will also be stored in plaintext.

PS: Alternatively, you could choose to use ssh-based login, using a passphrase-protected ssh private key, which would be more secure and less convenient, but it is outside the scope of this answer.

You can set an SSH key (on both Linux and Windows)

>  Note for Windows users
> Make sure HOME environment variable is defined and set on your user's directory
> e.g. C:\Users\jossef (learn more)

---

1) Generating a new SSH key (source)

Open terminal / cmd and paste the text below, (replace with your GitHub email address)

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

---

2) Link the public key to your GitHub account

• On Linux / macOS, run in terminal:

  cat ~/.ssh/id_rsa.pub
  

• On Windows, run in cmd:

  type %HOME%\.ssh\id_rsa.pub
  

This will output the public key:

ssh-rsa AAAAB3NzaC1y ... mKAKw== [email protected]

Navigate to https://github.com/settings/keys

• Click New SSH Key
• Give it a title
• Copy-paste the public key from the previous command output

---

3) Change git origin from https:// to ssh

Open terminal / cmd and cd to your cloned repository directory and run:

git remote set-url origin git@github.com:<github username>/<repository name>

I had a similar problem. I had to alter the url used in the git command to include my username.

git push https://[email protected]/mlbileschi/scala.git

Then when it asks for PW use the access token you created from following the instructions in Gergo Erdosi's answer.

If you are already using ssh keys, after enabling 2FA it will enforce you to read/write remote with SSH. You don't really need to add personal tokens rather keep using your existing SSH key pair.

Just change your remote url from HTTPS to SSH:

git remote set-url origin git@github.com:<github-username>/<repo-name>

2021 update

Not sure if this is going to work for everyone but updating my git version from 2.27.0 to the latest one (currently 2.30.0) solved my issue, whereas trying to use a personal access token as a password in the command line didn't.

After the update, when trying to push, I was prompted to login into GitHub through the browser, instead of typing my credentials in a dialog or in the command line.

This worked for me:

• Go to [your-git-repo]/.git/config

• Under [remote "origin"] Change the URL key from http protocol to git.

Example

If the value of url is https://github.com/<repo-url>.git change it to [email protected]:<repo-url>.git

This worked for me after enabling 2FA on Github:

1. Create a Personal Access Token: https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.
   NOTE: Remember to select the correct permissions for the token.

2. Run:
   git clone https://github.com/username/repo.git
   Username: your_username
   Password: your_token

Further reading: https://help.github.com/en/github/using-git/which-remote-url-should-i-use

I was facing this problem on existing repo when I enabled 2FA(two factor authentication) for one of my private repos. I was able to solve it following below steps on my ubuntu 19.0 terminal:-

1. Add your ssh key to github so that you dont need to use your password again,as now you have enabled 2FA.Visit github page to know how to do it easily.

2. Once key is added, go to your terminal, and update the origin url

   git remote set-url origin [email protected]:<USERNAME>/<BRANCH-NAME>

Thats it.Hope it helps

I came across this issue when switching to an old laptop. Really the issue was just that I was running an old version of git. Once I updated to the most recent version of git with the new cross platform credential manager it was able to sign me w/ 2FA perfectly fine (looks like it automatically creates a PAT for you).